Workplace retirement accounts have long been the largest source of retirement savings for many individuals and households. However, times of uncertainty and volatility serve as a reminder of the importance of ensuring proper safeguards are in place to protect your assets and your identity. Ultimately, protecting your retirement nest egg is a shared responsibility between you, your employer and your retirement service provider.

For background, in 2021, the U.S. Department of Labor released cybersecurity guidance for retirement plan participants, sponsors and service providers. The guidance emphasized the importance of thorough due diligence when selecting vendors, incorporating cybersecurity provisions into contracts and clearly defining the role each party plays in protecting plan assets. These updates serve as a timely reminder that safeguarding retirement savings requires coordinated action across all levels of plan administration.

Your employer, and likely the sponsor of your retirement plan, has a fiduciary responsibility to act in your best interests. A plan sponsor’s responsibility to safeguard plan assets and participants includes the following:

  • Exercising care and prudence when selecting service providers – Plan sponsors must carefully review potential service providers, such as recordkeepers, trustees and custodians, to ensure they follow best practices related to cybersecurity. The DOL cybersecurity guidance for employer-sponsored retirement plans is detailed in a document entitled, “Tips for Hiring a Service Provider with Strong Cybersecurity Practices.” The document provides guidelines to help plan sponsors prudently select and monitor service providers, emphasizing that employers who fail to protect plan assets are subject to DOL investigations and lawsuits from plan participants.
  • Maintaining cybersecurity best practices – It’s imperative that plan sponsors, recordkeepers and other service providers take steps to protect the plan from cybersecurity threats. The DOL’s recently updated document, “Cybersecurity Best Practices,” provides tips for conducting annual risk assessments and third-party audits, implementing access control procedures, defining security roles and responsibilities, managing data and more.

It’s also important that you take steps to protect your assets and personal data from cyber fraud. DOL guidance for employees on “Online Security Tips” includes the following:

  • Establish online access to your account and log in regularly – Failing to register for an online account may allow fraudsters to establish an account on your behalf. Regularly checking in on your retirement allows you to quickly identify any fraudulent activity and take steps to correct it.
  • Use multi-factor authentication – This security method requires a second credential to verify your identity and can make it more difficult for fraudsters to access your account. According to the Plan Sponsor Council of America, 72% of 401(k) plans have implemented multi-factor authentication for participant accounts. Increasing adoption of this important tool is one of the best ways to strengthen your account’s defenses.
  • Choose strong passwords that are difficult to guess – Don’t use the same password on multiple sites, don’t store passwords in a place where others can access them, and be sure to change your passwords at least every 120 days.
  • Use secure Wi-Fi networks – Only log in to your account from secure Wi-Fi networks. Public Wi-Fi networks, such as the ones available at coffee shops, airports, hotels and other public places, can pose security risks that make your account vulnerable to hackers.
  • Regularly update your antivirus software – New software versions often include fixes for previous security vulnerabilities, which is why it’s important to complete regular updates. It’s also important to make sure your software includes firewalls and intrusion detection in addition to antivirus protection.
  • Be on alert for phishing scams – Fraudsters regularly send emails that appear to be from a reputable source in order to persuade individuals to provide valuable personal information, such as access codes, credit card numbers, Social Security numbers, account numbers, etc. These emails may also contain corrupted links that, when clicked on, can install malware on your device. Resist the urge to click on any suspicious links, and never provide personal information by email. If you receive a message that appears to be from your financial institution, don’t provide any information until you’ve verified the email’s authenticity.

In response to the very real cyber threats that exist, retirement service providers have been making changes to their policies. These can be minor, like requiring multi-factor authentication when logging into their website or mobile app, or more significant, like delaying certain transactions if you’ve recently changed your address. While some policies might be new or viewed as inconvenient, the purpose is to safeguard your retirement savings.

In the unlikely event your account is compromised and money is removed from your 401(k) or other workplace retirement plan without your authorization, several retirement providers offer “cyber security guarantees.” While the details and specific features vary, if available, these programs can provide additional peace of mind that your retirement savings are secure. To learn more about what’s in place for your retirement plan, check with your employer or reach out to your retirement service provider via the phone number on your account statement. In today’s digital world, keeping your 401(k) secure requires constant attention, collaboration and vigilance from all parties involved.
